Showing results for tags 'unknown'.

Found 20 results

  1. Hello good day, today I installed Malwarebytes from its official page. When it finished installing, I noticed that the icon had a warning symbol (see image) and then I realized that it said "Malwarebytes (Unknown)" 🤔 Is there any reason why this appears? Can you help me? Thank you for reading.
  2. I'm testing my website and viewing other pages from a hotel and I'm intermittently getting a website blocked message from Malwarebytes. Any further information on this? I'm concerned it's connected with my web page. Log below -Software Information- Version: Components Version: 1.0.793 Update Package Version: 1.0.18646 License: Premium -System Information- OS: Windows 10 (Build 17763.973) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: RiskWare Domain: netpatas.com IP Address: Port: 80 Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  3. Hate to waste your time on what is probably paranoia, but this icon is appearing in the popup menu on my taskbar, alongside the Malwarebytes, Java and Bluetooth icons as well as other recognizable images. When I mouse over it, it disappears, which is frustrating, so I was wondering if anybody could tell me what this is. Reverse image search has been no help whatsoever.
  4. Hello, I have found a number of unknown IP addresses in my MWB3 Exclusion list. I have not added any of these manually and was wondering if it's any cause for concern. Many of the addresses lead to unlikely host countries of any of my services, such as Astana, Kazakhstan. One example IP address given below is listed on projecthoneypot.org as a spammer/hijacked address
  5. I seem to have acquired a rather nasty Bitcoin miner (or I assume that's what it is). It seems to generate a random name and create a folder in Appdata/Low which I cannot access due to an access denied. It asks for administrator rights which when provided it still says access denied (these are my personal machines. I'm the only admin). I tried to take ownership via file security but I always get an access denied error and it says the current owner is unknown. It creates multiple threads using the same name as the folder it created which I cannot affect in any way. I can't kill them or restrict their priority level. I also cannot open the containing folder due to the aforementioned admin issue. It seems to constantly max out either 1 or 2 cores on and off. It drops down to no usage for 30 seconds to 2 minutes on a regular basis. I'm not sure what it's doing as I don't get a spike in network traffic. Based on how the performance hit affects my system I suspect these processes have given themselves above average priority. The virus seems to have spread to my Laptop and HTPC via my network since there isn't any download I've made that the 3 of them have in common. The processes have in common only that they identify themselves as "Windows Process Manager" in the description bar and that whenever the file name of the current process is googled it always seems to be listed on the page of a spam redirect webpage: * www.discopoints.org/?postfix=CB&prefix=WE I suspect that web portal acts as some sort of homing device since every filename they've taken so far has been on that webpage. The hard part is I can't find out how to remove the virus because I don't know the name or strain of the virus due to it creating randomly named folders. MalwareBytes Anti Malware (which is supposedly the best at detecting Malware) never detects it even when I specifically tell it to scan the aforementioned folders. It doesn't seem to be using my GPU. Only my CPU.
So far the process names I've seen are: * nvbtcis * weklacb * aurpmwc * nvczsrmsvc It's also always accompanied by a process that describes itself as "Printer Driver Host" * dtmcbpx They are always 32-bit processes. Each instance of the main mining process seems to use between 20 and 100MB of RAM depending on the age of the process. Do any of you recognize this behavior? If I can find out what virus I'm dealing with I can likely find instructions on its removal. I've never seen a virus that takes this degree of control over my systems. * Edit: Both systems are running Windows 7 Ultimate SP1 64-bit * Edit 2: I also tried booting to Linux Live to view the folders. Under Linux the folders appeared as empty. I tried deleting them so I could boot back into Windows and create my own folders in a read only state so they couldn't re-replicate themselves. By the time I was into Explorer they had already been taken over by the virus again. * Edit 3: I've noticed it has the digital signature of a company called Jetbrains S.R.O. so I've sent them an email to see if they know anything about this. I assume they won't be happy that their digital signature is on a virus program. * Edit 4: Reinstalling my OS isn't an option. It would take months to reinstall all my software. We're talking 3+ year old installs with TBs of data. It was suggested I try posting here. Neither MalwareBytes nor Avast have been able to successfully remove this virus. Avast's BootScan just threw out a data error and was unable to correctly delete the files. RKill didn't kill it.
  6. Hi! Following the steps to try to solve this; My your FRST, Additions, and Malwarebytes Threat Scan logs. Ty already, I'll wait for the help. Addition.txt AdwCleaner[S8].txt FRST.txt
  7. A bunch of weird things is happening: Restarting at random points. Also, now I noticed a way to get past it, by clicking on the icon on macOS, but now it is not working. Mail seems weird with notifications fading. I am on version macOS 10.12.6
  8. Malwarebytes is displaying boxes identifying imp.paradiskus.com as a malicious website at 45 63 51 59. I never heard of that website before, this started about 01/22/18, and cannot figure out how to get rid of the attempts to contact me. WARNINGS OCCUR INSTANTLY WHEN I LOG ON TO GMAIL ON MY HP LAPTOP. Help with this would be greatly appreciated!!!!
  9. The last few times I've run a scan, I get this message.
  10. My LAN or Ethernet port keeps getting the "unknown network" error whenever I try to use it. So far I have removed and reinstalled the drivers, reset almost all winsock possible, yet none of this seems to work.
  11. Just today, MalwareBytes Premium started blocking outbound connection attempts by sync-eu.exe.bid. Curious as to what it is and why it just started blocking it today. http://
  12. So I was cleaning out the temporary files left from Visual C++ on my C:/ drive, when I found 4 files all ending with .tmp that were there as well. Their names are as follows: EC8.tmp E831.tmp BF30.tmp 4C4B.tmp Looking the names of these online said they were something to do with malware, so I'm paranoid now. Are these files dropped by a piece of malware or are they system files that can be infected? Can I delete them?
  13. Hello, I have what I believe to be a problem. On all my Windows 10 machines I have discovered a Hidden Unknown Background Process running at all times. This Unknown Process is not visible in the normal task manager, it's only visible in third party tools like cports and other networking tools. Does anyone know what this is, or if it's a problem or not? Sometimes the Unknown Process will launch many other Unknown Processes making Windows 10 slow to react. Below is a list of hosts the Unknown Process is sending requests back and forth to. Not everything in the list below was coming from this Unknown Process but a lot of it was, I just copied out my block list from my host file and posted it, so some of the list may have been coming from other processes but most of them are from this Unknown Background application in Windows 10. I would like to add that I can't find this application at this time on my machine. I also can't kill it and when it's tampered with it seems to go into a protection mode and goes dormant for some time and then relaunches itself. I'm not sure and I could be wrong but it seems to send information about the websites I'm looking at at the time.
  14. Hello, please, can you help me? svchost.exe is connected (connection is established when computer starts) to a particular address, for me fully unknown. This is a log file: 20:10:54 SVCHOST.EXE OUT TCP hefra.mobilatak.net 80 Generic Host Process HTTP connection 0 0 SVCHOST.EXE: 3720 20:10:54 SVCHOST.EXE OUT TCP hefra-ap1.mobilatak.net 80 Generic Host Process HTTP connection 0 0 SVCHOST.EXE: 3720 I use NOD32 ESET antivirus, Outpost Firewall, I scanned my computer with Bitdefender, Malwarebytes Anti-Malware. Nothing - computer should be clean. Can anyone advise me, please, how to find out what connects via svchost.exe to this address? Or how can I stop it? Thank you Radovan
  15. So here is my present issue at hand, and it's quite the pickle. As of yesterday, June 22, I began to experience problems concerning my modem and my overall internet connection. The modem is relatively new, with it being I believe less than a year old. It was a modem provided to us by our internet provider, Comcast. Point being is that the modem suddenly began to experience lag time in its internet speeds, followed then by a crash. The signal came on and off again, cycling like this without stopping for an indefinite amount of time. I manually restarted my computer, along with the modem also. It was fine for thirty minutes, but the issue then came again, this time without any noticeable lag. It just shut off immediately, followed by the same on and off cycles. Worried, I called Comcast. Thrice I did this, and they always did the same thing: they sent a restart signal to the modem, which only allowed it to maintain stability for two or three hours at best. The last crash was this morning, and I've just now restored the connection. However, upon researching this issue, I found a distressing revelation. I noticed it was only my computer causing the modem crash. I'm currently on a secondary computer, and the internet connection is working just fine. The minute I get on my primary computer, however, the modem crashes immediately. My research said that this could be the modem either unable to handle multiple computers requesting access to the web, or that it could be a botnet or malware over-saturating the modem and causing it to crash. I've just now begun a scan with both Malwarebytes and a Norton full security scan. So far, nothing suspicious has emerged. With this in mind, I'll be performing the following tests in the meantime: I will disconnect all secondary computers and only use my primary computer. If the modem does not shut off, I can only assume the modem is faulty and cannot handle large loads.
If it does crash, I will then assume my primary computer is the culprit. I will also post the results of my Norton and Malwarebytes scan here once they are complete. I will greatly appreciate any help on this matter. Many thanks, Reinhardt
  16. I'm not sure if it's malware, but I'm kinda getting annoyed by it and it was once found by Malwarebytes. So I think you can call it malware. But the thing is: it's in the folder C:\ProgramData\Microsoft\Secure\Icons. If you delete it, it just appears again. And you sometimes get an error message, saying that the file you deleted was not found (but you can keep doing your business without any interruptions). But if it's installed again, my !avast (program) tells me that they blocked this file, saying it's a virus. When you run your PC 8 hours straight, the message of !avast appears 1-3 times. And the file always changes its name (like tmp323, later tmp142), but not its location. I googled for help, but with no real results. And since it's in the Microsoft folder, it must have a function. Looking forward to any help. Maybe I'm just doing something really wrong^^ Greetings, Malz
  17. Hello guys, my name is jaga. Yesterday my friend plugged his USB into my computer and "maybe" my friend's USB was infected by this virus and the infection went to my computer. So... today I had no idea how to fix it because it's a gaming computer and I only use it for gaming, so I only go on the internet when I need some news about games. Oh, and I downloaded my game from a trusted source called "steam". So I have actually never experienced a virus infection on a computer, and now the first time I'm infected by a virus it really makes me stressed out. So I really need your help guys, especially an expert! Oh, and I forgot, this is my first post. Whatever... I think I talk so much so let's just go to the log file!!!! Log file processing 100% complete. Joking!! Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/3/2014 Scan Time: 6:51:59 PM Logfile: logfiles.txt Administrator: Yes Version: Malware Database: v2014.10.02.05 Rootkit Database: v2014.09.19.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: user Scan Type: Threat Scan Result: Completed Objects Scanned: 318995 Time Elapsed: 6 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 2 PUM.Hijack.Regedit,
HKU\S-1-5-21-700176172-1031871842-36940330-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[65886ca3413b0135c13921eaa95c38c8] PUM.Hijack.TaskManager, HKU\S-1-5-21-700176172-1031871842-36940330-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[06e7f8178af2e94dd686a4694abbb54b] Folders: 0 (No malicious items detected) Files: 2 Trojan.Malpack.Gen, C:\nvkgb.pif, , [a746000f3f3dea4cd9f6758f7a8746ba], Trojan.Malpack.Gen, C:\$RECYCLE.BIN\S-1-5-21-700176172-1031871842-36940330-1000\$RPCHOLA.pif, , [7e6f2ae5df9d70c63b94c044ec15d42c], Physical Sectors: 0 (No malicious items detected) (end) I hope you help me with this problem! Thx! Oh, and I am only an 11-year-old boy. But... please don't refuse to help me or deny me because of my age. I'll do my best to follow your instructions!!!
  18. Thank you for any assistance... Google returns nothing on these services, error keeps repeating at boot. Is this malware? Can anybody confirm and identify so I can remove and eliminate error? Or scan the component requesting missing service file Win139emva service Hipqrvtr service Error detail below ---------------------------------------------------------- Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 4/2/2014 Time: 4:20:12 PM User: N/A Computer: ******* Description: The Hipqrvtr service failed to start due to the following error: The system cannot find the file specified. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 4/1/2014 Time: 1:18:17 PM User: N/A Computer: ******** Description: The Win139emva service failed to start due to the following error: The filename, directory name, or volume label syntax is incorrect. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  19. Cannot run Malwarebytes. Receiving a message that states link is corrupt, damaged, and by an unknown publisher. Actually almost all malware and utilities I have tried to load are rejected. Any ideas?
  20. I don't know what this is, but nothing seems to get rid of it. I have posted the Malwarebytes Log details. Can anyone help? much regards, Denise. Malwarebytes Anti-Malware (PRO) www.malwarebytes.org Database version: v2012.02.29.04 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Nick & Denise :: DRAGONFLYECLIPS [administrator] Protection: Enabled 3/1/2012 8:28:55 AM mbam-log-2012-03-01 (08-28-55).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 156065 Time elapsed: 1 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully. HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)